As a marketing professional, it’s my job to understand and communicate to my customers and potential customers. In the highly technical world of cyber security, this can often be difficult, not because I don’t or can’t understand the technology (I am a former engineer and coder), but because almost instantly when a cyber professional hears the word marketing in my title, they often assume I know nothing (or worse, but I won’t go into that here). So, I thought I’d take the opportunity to relate a story from my marketing life that is directly related to the job of a cyber security analyst (yes, it is possible!).
In a past life, working for an extremely large multi-national corporation, I was asked a simple question by my VP of Marketing: “Scott, how did we do at RSA last year?” (the trade show). Pretty simple question, right? I should have been able to go into a report generator somewhere and type in “20xx RSA cost”, “20xx RSA touches”, “20xx RSA leads”, “20xx RSA revenue”, and then “Graph this over time.” This would have given me a nice picture, in about 10 minutes, of our investment relative to how many folks we had talked to, how many were interested, how much money we had made, and how long the overall process had taken. Instead, I spent 30 days, nights, and weekends desperately attempting to piece together a picture in MS Excel from no less than 30(!) databases that tracked all of this information, all held together by a single “Key.” The task was impossible. (I only found out later that this is called Fusion Analysis or Data Wrangling.) So, the first chart I presented to my VP was a picture that I had found that showed the complexity of the system, and was forced to tell him, “I can’t answer your question well, but here’s what I do have.” (Luckily he was a big data professional, so he instantly understood.) Via pieces of information, plus interviews, plus a lot of surmising, I was able to put together a picture that, at best, was incomplete. I walked away from that experience thinking, “We’re blind. We have no idea how well our marketing activities are actually performing.” Sound familiar?
Because of this experience, when I was first interviewing with Novetta, I instantly “got” Novetta Cyber Analytics (but only later really understood the profound implications of its capabilities). And as I’ve worked with customers and learned more and more about the worlds of SOCs, analysts, incident responders, etc. the more my “get” has been confirmed: the stories I’ve heard tell tales about actually using notepads to track information from system to system, because very few of these systems really talk to each other in any intelligible way such that a human can understand some sort of combined output. (At least all of my data was held together by a Key, and with maybe a couple of DBAs I could have had some queries written against the multiple databases to answer my questions.) The result of this is that in even some of the most advanced shops, with the most advanced tools, there is simply not enough resource to track down, and fuse, complete information leading to truly confident answers against hundreds of daily attacks. From personal experience, I do not envy a security analyst’s day-to-day job.